Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

POSIX recommends sigaction() and deprecates the use of signal() to register signal handlers. Unfortunately, sigaction() is not defined in the C Standard and is consequently not as portable a solution.

...

Interrupting a noninterruptible signal handler can result in a variety of vulnerabilities [Zalewski 2001].

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

SIG00-C

High

Likely

High

P9

L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
BADFUNC.SIGNALUse of signal
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5019
LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced enforcement
PRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_vwarncall for signalPartially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-SIG00-a

The signal handling facilities of <signal.h> shall not be used

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Assistance provided: reports use of the signal function

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[C99 Rationale 2003]Subclause 5.2.3, "Signals and Interrupts"
[Dowd 2006]Chapter 13, "Synchronization and State" ("Signal Interruption and Repetition")
[IEEE Std 1003.1:2013]XSH, System Interface, longjmp
[OpenBSD]signal() Man Page
[Zalewski 2001]"Delivering Signals for Fun and Profit"

...


...

Image Modified Image Modified Image Modified